diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java deleted file mode 100644 index aba0342..0000000 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/MergeCallbacks.java +++ /dev/null @@ -1,122 +0,0 @@ -// SPDX-FileCopyrightText: 2022 Paul Schaub -// -// SPDX-License-Identifier: Apache-2.0 - -package pgp.cert_d.cli; - -import org.bouncycastle.openpgp.PGPException; -import org.bouncycastle.openpgp.PGPPublicKey; -import org.bouncycastle.openpgp.PGPPublicKeyRing; -import org.pgpainless.PGPainless; -import org.pgpainless.certificate_store.CertificateFactory; -import org.pgpainless.key.OpenPgpFingerprint; -import pgp.certificate.KeyMaterial; -import pgp.certificate.KeyMaterialMerger; - -import java.io.IOException; -import java.util.Iterator; - -public class MergeCallbacks { - - /** - * Return a {@link KeyMaterialMerger} that merges the two copies of the same certificate (same primary key) into one - * combined certificate. - * - * @return merging callback - */ - public static KeyMaterialMerger mergeCertificates() { - return new KeyMaterialMerger() { - - @Override - public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException { - try { - PGPPublicKeyRing existingCert = PGPainless.readKeyRing().publicKeyRing(existing.getInputStream()); - PGPPublicKeyRing updatedCert = PGPainless.readKeyRing().publicKeyRing(data.getInputStream()); - PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert); - - printOutDifferences(existingCert, mergedCert); - - return CertificateFactory.certificateFromPublicKeyRing(mergedCert); - } catch (PGPException e) { - throw new RuntimeException(e); - } - } - - private void printOutDifferences(PGPPublicKeyRing existingCert, PGPPublicKeyRing mergedCert) { - int numSigsBefore = countSigs(existingCert); - int numSigsAfter = countSigs(mergedCert); - int newSigs = numSigsAfter - numSigsBefore; - int numUidsBefore = count(existingCert.getPublicKey().getUserIDs()); - int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs()); - int newUids = numUidsAfter - numUidsBefore; - - if (!existingCert.equals(mergedCert)) { - OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert); - StringBuilder sb = new StringBuilder(); - sb.append(String.format("Certificate %s has", fingerprint)); - if (newSigs != 0) { - sb.append(String.format(" %d new signatures", newSigs)); - } - if (newUids != 0) { - if (newSigs != 0) { - sb.append(" and"); - } - sb.append(String.format(" %d new UIDs", newUids)); - } - if (newSigs == 0 && newUids == 0) { - sb.append(" changed"); - } - - // In this case it is okay to print to stdout, since we are a CLI app - // CHECKSTYLE:OFF - System.out.println(sb); - // CHECKSTYLE:ON - } - } - - private int countSigs(PGPPublicKeyRing keys) { - int numSigs = 0; - for (PGPPublicKey key : keys) { - numSigs += count(key.getSignatures()); - } - return numSigs; - } - - // TODO: Use CollectionUtils.count() once available - private int count(Iterator iterator) { - int num = 0; - while (iterator.hasNext()) { - iterator.next(); - num++; - } - return num; - } - }; - } - - /** - * Return an implementation of {@link KeyMaterialMerger} that ignores the existing certificate and instead - * returns the first instance. - * - * @return overriding callback - */ - public static KeyMaterialMerger overrideCertificate() { - // noinspection Convert2Lambda - return new KeyMaterialMerger() { - @Override - public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { - return data; - } - }; - } - - public static KeyMaterialMerger overrideKey() { - // noinspection Convert2Lambda - return new KeyMaterialMerger() { - @Override - public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { - return data; - } - }; - } -} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java index ff36878..501d6ca 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/PGPCertDCli.java @@ -6,13 +6,15 @@ package pgp.cert_d.cli; import org.pgpainless.certificate_store.PGPainlessCertD; import pgp.cert_d.BaseDirectoryProvider; -import pgp.cert_d.exception.NotAStoreException; import pgp.cert_d.cli.commands.Export; +import pgp.cert_d.cli.commands.Find; import pgp.cert_d.cli.commands.Get; import pgp.cert_d.cli.commands.Insert; import pgp.cert_d.cli.commands.Import; import pgp.cert_d.cli.commands.List; import pgp.cert_d.cli.commands.Setup; +import pgp.cert_d.jdbc.sqlite.DatabaseSubkeyLookupFactory; +import pgp.certificate_store.exception.NotAStoreException; import picocli.CommandLine; import java.io.File; @@ -28,7 +30,8 @@ import java.sql.SQLException; Import.class, Get.class, Setup.class, - List.class + List.class, + Find.class } ) public class PGPCertDCli { @@ -53,7 +56,7 @@ public class PGPCertDCli { baseDirectory = BaseDirectoryProvider.getDefaultBaseDir(); } - PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory); + PGPCertDCli.certificateDirectory = PGPainlessCertD.fileBased(baseDirectory, new DatabaseSubkeyLookupFactory()); } public static void main(String[] args) { diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java index 7e06e58..4bfc24f 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Export.java @@ -9,7 +9,7 @@ import org.bouncycastle.util.io.Streams; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate.Certificate; +import pgp.certificate_store.certificate.Certificate; import picocli.CommandLine; import java.io.IOException; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java new file mode 100644 index 0000000..445a347 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Find.java @@ -0,0 +1,57 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package pgp.cert_d.cli.commands; + +import org.pgpainless.key.OpenPgpFingerprint; +import pgp.cert_d.cli.PGPCertDCli; +import picocli.CommandLine; + +import java.io.IOException; +import java.math.BigInteger; +import java.util.Set; +import java.util.regex.Pattern; + +@CommandLine.Command(name = "find", + resourceBundle = "msg_find") +public class Find implements Runnable { + + private static final Pattern LONG_KEY_ID = Pattern.compile("^[0-9A-Fa-f]{16}$"); + + @CommandLine.Parameters( + paramLabel = "IDENTIFIER", + arity = "1") + String identifier; + + @Override + public void run() { + if (identifier == null) { + throw new IllegalArgumentException("No subkey ID provided."); + } + identifier = identifier.trim(); + long subkeyId = 0; + try { + OpenPgpFingerprint fingerprint = OpenPgpFingerprint.parse(identifier); + subkeyId = fingerprint.getKeyId(); + } catch (IllegalArgumentException e) { + if (!LONG_KEY_ID.matcher(identifier).matches()) { + throw new IllegalArgumentException("Provided long key-id does not match expected format. " + + "A long key-id consists of 16 hexadecimal characters."); + } + subkeyId = new BigInteger(identifier, 16).longValue(); + } + + try { + Set fingerprints = PGPCertDCli.getCertificateDirectory() + .getCertificateFingerprintsForSubkeyId(subkeyId); + for (String fingerprint : fingerprints) { + // CHECKSTYLE:OFF + System.out.println(fingerprint); + // CHECKSTYLE:ON + } + } catch (IOException e) { + throw new RuntimeException(e); + } + } +} diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java index 3f303c7..96c2b76 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Get.java @@ -4,14 +4,15 @@ package pgp.cert_d.cli.commands; +import org.bouncycastle.bcpg.ArmoredOutputStream; import org.bouncycastle.util.io.Streams; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.exception.BadDataException; -import pgp.cert_d.exception.BadNameException; import pgp.cert_d.SpecialNames; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate.KeyMaterial; +import pgp.certificate_store.certificate.KeyMaterial; +import pgp.certificate_store.exception.BadDataException; +import pgp.certificate_store.exception.BadNameException; import picocli.CommandLine; import java.io.IOException; @@ -22,6 +23,9 @@ public class Get implements Runnable { private static final Logger LOGGER = LoggerFactory.getLogger(Get.class); + @CommandLine.Option(names = {"-a", "--armor"}) + boolean armor = false; + @CommandLine.Parameters( paramLabel = "IDENTIFIER", arity = "1" @@ -35,12 +39,20 @@ public class Get implements Runnable { if (SpecialNames.lookupSpecialName(identifer) != null) { record = PGPCertDCli.getCertificateDirectory().getBySpecialName(identifer); } else { - record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer); + record = PGPCertDCli.getCertificateDirectory().getByFingerprint(identifer.toLowerCase()); } if (record == null) { return; } - Streams.pipeAll(record.getInputStream(), System.out); + + if (armor) { + ArmoredOutputStream armorOut = new ArmoredOutputStream(System.out); + Streams.pipeAll(record.getInputStream(), armorOut); + armorOut.close(); + } else { + Streams.pipeAll(record.getInputStream(), System.out); + } + } catch (IOException e) { LOGGER.error("IO Error", e); System.exit(-1); diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java index 2f35cc7..d7d29fb 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Import.java @@ -10,10 +10,10 @@ import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; import org.pgpainless.PGPainless; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.exception.BadDataException; -import pgp.cert_d.cli.MergeCallbacks; +import org.pgpainless.certificate_store.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate.Certificate; +import pgp.certificate_store.certificate.Certificate; +import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; import java.io.ByteArrayInputStream; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java index 25a2116..c88ead0 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Insert.java @@ -6,10 +6,10 @@ package pgp.cert_d.cli.commands; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.exception.BadDataException; -import pgp.cert_d.cli.MergeCallbacks; +import org.pgpainless.certificate_store.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate.Certificate; +import pgp.certificate_store.certificate.Certificate; +import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; import java.io.IOException; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java index cedf1ff..2ce37a0 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/List.java @@ -5,7 +5,7 @@ package pgp.cert_d.cli.commands; import pgp.cert_d.cli.PGPCertDCli; -import pgp.certificate.Certificate; +import pgp.certificate_store.certificate.Certificate; import picocli.CommandLine; import java.util.Iterator; diff --git a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java index 3f2d2d9..0178e0a 100644 --- a/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java +++ b/pgpainless-cert-d-cli/src/main/java/pgp/cert_d/cli/commands/Setup.java @@ -15,9 +15,9 @@ import org.pgpainless.key.generation.type.eddsa.EdDSACurve; import org.pgpainless.util.Passphrase; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import pgp.cert_d.exception.BadDataException; -import pgp.cert_d.cli.MergeCallbacks; +import org.pgpainless.certificate_store.MergeCallbacks; import pgp.cert_d.cli.PGPCertDCli; +import pgp.certificate_store.exception.BadDataException; import picocli.CommandLine; import java.io.ByteArrayInputStream; diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_export.properties b/pgpainless-cert-d-cli/src/main/resources/msg_export.properties index 8d6b59a..2798b4f 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_export.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_export.properties @@ -2,6 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 usage.header=Export all certificates in the store to Standard Output +armor=Wrap the output in ASCII armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Usage:\u0020 diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties index 2a7a2e1..a078ca4 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_export_de.properties @@ -2,6 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 usage.header=Exportiere alle gespeicherten Zertifikate zur Standardausgabe +armor=Verpacke the Ausgabe in ASCII Armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Aufruf:\u0020 diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_find.properties b/pgpainless-cert-d-cli/src/main/resources/msg_find.properties new file mode 100644 index 0000000..d2dd833 --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_find.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Lookup primary certificate fingerprints by subkey ids or fingerprints + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Usage:\u0020 +usage.commandListHeading = %nCommands:%n +usage.optionListHeading = %nOptions:%n +usage.footerHeading=Powered by picocli%n +store=Overwrite the default certificate directory path diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties new file mode 100644 index 0000000..9fe69df --- /dev/null +++ b/pgpainless-cert-d-cli/src/main/resources/msg_find_de.properties @@ -0,0 +1,11 @@ +# SPDX-FileCopyrightText: 2022 Paul Schaub +# +# SPDX-License-Identifier: Apache-2.0 +usage.header=Schlage primäre Fingerabdrücke von Zertifikaten per ID oder Fingerabdruck von Unterschlüsseln nach + +# Generic TODO: Remove when bumping picocli to 4.7.0 +usage.synopsisHeading=Aufruf:\u0020 +usage.commandListHeading=%nBefehle:%n +usage.optionListHeading = %nOptionen:%n +usage.footerHeading=Powered by Picocli%n +store=Überschreibe den Standardpfad des Zertifikatsverzeichnisses diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_get.properties b/pgpainless-cert-d-cli/src/main/resources/msg_get.properties index 5e04944..a031d99 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_get.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_get.properties @@ -3,6 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 usage.header=Retrieve certificates from the store IDENTIFIER[0]=Certificate identifier (fingerprint or special name) +armor=Wrap the output in ASCII armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Usage:\u0020 diff --git a/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties b/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties index 36fd12b..b0f82b1 100644 --- a/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties +++ b/pgpainless-cert-d-cli/src/main/resources/msg_get_de.properties @@ -3,6 +3,7 @@ # SPDX-License-Identifier: Apache-2.0 usage.header=Frage Zertifikate aus dem Speicher ab IDENTIFIER[0]=Zertifikatskennung (Fingerabdruck oder Spezialname) +armor=Verpacke the Ausgabe in ASCII Armor # Generic TODO: Remove when bumping picocli to 4.7.0 usage.synopsisHeading=Aufruf:\u0020 diff --git a/pgpainless-cert-d/build.gradle b/pgpainless-cert-d/build.gradle index bba6ebf..ed891ec 100644 --- a/pgpainless-cert-d/build.gradle +++ b/pgpainless-cert-d/build.gradle @@ -34,6 +34,7 @@ dependencies { // pgp.cert.d api "org.pgpainless:pgp-cert-d-java:$pgpCertDJavaVersion" + api "org.pgpainless:pgp-certificate-store:$pgpCertDJavaVersion" } animalsniffer { diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java index 1757491..8fe8919 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/CertificateFactory.java @@ -8,16 +8,16 @@ import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.util.encoders.Base64; import org.pgpainless.key.OpenPgpFingerprint; -import pgp.certificate.Certificate; +import pgp.certificate_store.certificate.Certificate; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.util.HashSet; +import java.util.ArrayList; import java.util.Iterator; -import java.util.Set; +import java.util.List; public class CertificateFactory { @@ -46,8 +46,8 @@ public class CertificateFactory { } @Override - public Set getSubkeyIds() throws IOException { - Set keyIds = new HashSet<>(); + public List getSubkeyIds() throws IOException { + List keyIds = new ArrayList<>(); Iterator keys = publicKeyRing.getPublicKeys(); while (keys.hasNext()) { keyIds.add(keys.next().getKeyID()); diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java index d71777b..18cc66e 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyFactory.java @@ -8,15 +8,15 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.bouncycastle.util.encoders.Base64; import org.pgpainless.PGPainless; -import pgp.certificate.Certificate; -import pgp.certificate.Key; +import pgp.certificate_store.certificate.Certificate; +import pgp.certificate_store.certificate.Key; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.util.Set; +import java.util.List; public class KeyFactory { @@ -52,7 +52,7 @@ public class KeyFactory { } @Override - public Set getSubkeyIds() throws IOException { + public List getSubkeyIds() throws IOException { return getCertificate().getSubkeyIds(); } }; diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java index b102937..34ef5a5 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/KeyMaterialReader.java @@ -8,9 +8,9 @@ import org.bouncycastle.openpgp.PGPKeyRing; import org.bouncycastle.openpgp.PGPPublicKeyRing; import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.pgpainless.PGPainless; -import pgp.cert_d.exception.BadDataException; -import pgp.certificate.KeyMaterial; -import pgp.certificate.KeyMaterialReaderBackend; +import pgp.certificate_store.certificate.KeyMaterial; +import pgp.certificate_store.certificate.KeyMaterialReaderBackend; +import pgp.certificate_store.exception.BadDataException; import java.io.IOException; import java.io.InputStream; diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java new file mode 100644 index 0000000..242ed49 --- /dev/null +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/MergeCallbacks.java @@ -0,0 +1,173 @@ +// SPDX-FileCopyrightText: 2022 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.certificate_store; + +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPKeyRing; +import org.bouncycastle.openpgp.PGPPublicKey; +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.pgpainless.PGPainless; +import org.pgpainless.key.OpenPgpFingerprint; +import pgp.certificate_store.certificate.KeyMaterial; +import pgp.certificate_store.certificate.KeyMaterialMerger; +import pgp.certificate_store.exception.BadDataException; + +import java.io.IOException; +import java.util.Arrays; +import java.util.Iterator; + +public class MergeCallbacks { + + /** + * Return a {@link KeyMaterialMerger} that merges the two copies of the same certificate (same primary key) into one + * combined certificate. + * + * @return merging callback + */ + public static KeyMaterialMerger mergeCertificates() { + return new KeyMaterialMerger() { + + @Override + public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) throws IOException { + if (data == null) { + return existing; + } + if (existing == null) { + return data; + } + + try { + PGPKeyRing existingKeyRing = PGPainless.readKeyRing().keyRing(existing.getInputStream()); + PGPKeyRing updatedKeyRing = PGPainless.readKeyRing().keyRing(data.getInputStream()); + + PGPKeyRing mergedKeyRing; + + if (existingKeyRing instanceof PGPPublicKeyRing) { + PGPPublicKeyRing existingCert = (PGPPublicKeyRing) existingKeyRing; + if (updatedKeyRing instanceof PGPPublicKeyRing) { + mergedKeyRing = PGPPublicKeyRing.join(existingCert, (PGPPublicKeyRing) updatedKeyRing); + } else if (updatedKeyRing instanceof PGPSecretKeyRing) { + PGPPublicKeyRing updatedPublicKeys = PGPainless.extractCertificate((PGPSecretKeyRing) updatedKeyRing); + PGPPublicKeyRing mergedPublicKeys = PGPPublicKeyRing.join(existingCert, updatedPublicKeys); + updatedKeyRing = PGPSecretKeyRing.replacePublicKeys((PGPSecretKeyRing) updatedKeyRing, mergedPublicKeys); + mergedKeyRing = updatedKeyRing; + } else { + throw new IOException(new BadDataException()); + } + } else if (existingKeyRing instanceof PGPSecretKeyRing) { + PGPSecretKeyRing existingKey = (PGPSecretKeyRing) existingKeyRing; + PGPPublicKeyRing existingCert = PGPainless.extractCertificate(existingKey); + if (updatedKeyRing instanceof PGPPublicKeyRing) { + PGPPublicKeyRing updatedCert = (PGPPublicKeyRing) updatedKeyRing; + PGPPublicKeyRing mergedCert = PGPPublicKeyRing.join(existingCert, updatedCert); + mergedKeyRing = PGPSecretKeyRing.replacePublicKeys(existingKey, mergedCert); + } else if (updatedKeyRing instanceof PGPSecretKeyRing) { + PGPSecretKeyRing updatedKey = (PGPSecretKeyRing) updatedKeyRing; + if (!Arrays.equals(existingKey.getEncoded(), updatedKey.getEncoded())) { + // Merging secret keys is not supported. + return existing; + } + mergedKeyRing = existingKeyRing; + } else { + throw new IOException(new BadDataException()); + } + } else { + throw new IOException(new BadDataException()); + } + + printOutDifferences(existingKeyRing, mergedKeyRing); + + if (mergedKeyRing instanceof PGPPublicKeyRing) { + return CertificateFactory.certificateFromPublicKeyRing((PGPPublicKeyRing) mergedKeyRing); + } else { + return KeyFactory.keyFromSecretKeyRing((PGPSecretKeyRing) mergedKeyRing); + } + + } catch (PGPException e) { + throw new RuntimeException(e); + } + } + + private void printOutDifferences(PGPKeyRing existingCert, PGPKeyRing mergedCert) { + int numSigsBefore = countSigs(existingCert); + int numSigsAfter = countSigs(mergedCert); + int newSigs = numSigsAfter - numSigsBefore; + int numUidsBefore = count(existingCert.getPublicKey().getUserIDs()); + int numUidsAfter = count(mergedCert.getPublicKey().getUserIDs()); + int newUids = numUidsAfter - numUidsBefore; + + if (!existingCert.equals(mergedCert)) { + OpenPgpFingerprint fingerprint = OpenPgpFingerprint.of(mergedCert); + StringBuilder sb = new StringBuilder(); + sb.append(String.format("Certificate %s has", fingerprint)); + if (newSigs != 0) { + sb.append(String.format(" %d new signatures", newSigs)); + } + if (newUids != 0) { + if (newSigs != 0) { + sb.append(" and"); + } + sb.append(String.format(" %d new UIDs", newUids)); + } + if (newSigs == 0 && newUids == 0) { + sb.append(" changed"); + } + + // In this case it is okay to print to stdout, since we are a CLI app + // CHECKSTYLE:OFF + System.out.println(sb); + // CHECKSTYLE:ON + } + } + + private int countSigs(PGPKeyRing keys) { + int numSigs = 0; + Iterator iterator = keys.getPublicKeys(); + while (iterator.hasNext()) { + PGPPublicKey key = iterator.next(); + numSigs += count(key.getSignatures()); + } + return numSigs; + } + + // TODO: Use CollectionUtils.count() once available + private int count(Iterator iterator) { + int num = 0; + while (iterator.hasNext()) { + iterator.next(); + num++; + } + return num; + } + }; + } + + /** + * Return an implementation of {@link KeyMaterialMerger} that ignores the existing certificate and instead + * returns the first instance. + * + * @return overriding callback + */ + public static KeyMaterialMerger overrideCertificate() { + // noinspection Convert2Lambda + return new KeyMaterialMerger() { + @Override + public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { + return data; + } + }; + } + + public static KeyMaterialMerger overrideKey() { + // noinspection Convert2Lambda + return new KeyMaterialMerger() { + @Override + public KeyMaterial merge(KeyMaterial data, KeyMaterial existing) { + return data; + } + }; + } +} diff --git a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java index 547e535..a322301 100644 --- a/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java +++ b/pgpainless-cert-d/src/main/java/org/pgpainless/certificate_store/PGPainlessCertD.java @@ -7,8 +7,11 @@ package org.pgpainless.certificate_store; import pgp.cert_d.BaseDirectoryProvider; import pgp.cert_d.backend.FileBasedCertificateDirectoryBackend; import pgp.cert_d.backend.InMemoryCertificateDirectoryBackend; -import pgp.cert_d.exception.NotAStoreException; import pgp.cert_d.PGPCertificateDirectory; +import pgp.cert_d.subkey_lookup.InMemorySubkeyLookup; +import pgp.cert_d.subkey_lookup.SubkeyLookup; +import pgp.cert_d.subkey_lookup.SubkeyLookupFactory; +import pgp.certificate_store.exception.NotAStoreException; import java.io.File; @@ -16,21 +19,25 @@ public class PGPainlessCertD extends PGPCertificateDirectory { private static final KeyMaterialReader keyMaterialReader = new KeyMaterialReader(); - public PGPainlessCertD(Backend backend) { - super(backend); + public PGPainlessCertD(Backend backend, SubkeyLookup subkeyLookup) { + super(backend, subkeyLookup); } public static PGPainlessCertD inMemory() { Backend backend = new InMemoryCertificateDirectoryBackend(keyMaterialReader); - return new PGPainlessCertD(backend); + SubkeyLookup subkeyLookup = new InMemorySubkeyLookup(); + return new PGPainlessCertD(backend, subkeyLookup); } - public static PGPainlessCertD fileBased() throws NotAStoreException { - return fileBased(BaseDirectoryProvider.getDefaultBaseDir()); + public static PGPainlessCertD fileBased(SubkeyLookupFactory subkeyLookupFactory) + throws NotAStoreException { + return fileBased(BaseDirectoryProvider.getDefaultBaseDir(), subkeyLookupFactory); } - public static PGPainlessCertD fileBased(File baseDirectory) throws NotAStoreException { + public static PGPainlessCertD fileBased(File baseDirectory, SubkeyLookupFactory subkeyLookupFactory) + throws NotAStoreException { Backend backend = new FileBasedCertificateDirectoryBackend(baseDirectory, keyMaterialReader); - return new PGPainlessCertD(backend); + SubkeyLookup subkeyLookup = subkeyLookupFactory.createFileBasedInstance(baseDirectory); + return new PGPainlessCertD(backend, subkeyLookup); } } diff --git a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java index 69386bc..7b2521b 100644 --- a/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java +++ b/pgpainless-cert-d/src/test/java/org/pgpainless/cert_d/SharedPGPCertificateDirectoryTest.java @@ -36,12 +36,13 @@ import org.pgpainless.key.OpenPgpFingerprint; import org.pgpainless.key.generation.KeySpec; import org.pgpainless.key.generation.type.KeyType; import org.pgpainless.key.generation.type.eddsa.EdDSACurve; -import pgp.cert_d.exception.BadDataException; -import pgp.cert_d.exception.BadNameException; -import pgp.cert_d.exception.NotAStoreException; -import pgp.certificate.Certificate; -import pgp.certificate.KeyMaterial; -import pgp.certificate.KeyMaterialMerger; +import pgp.cert_d.subkey_lookup.InMemorySubkeyLookupFactory; +import pgp.certificate_store.certificate.Certificate; +import pgp.certificate_store.certificate.KeyMaterial; +import pgp.certificate_store.certificate.KeyMaterialMerger; +import pgp.certificate_store.exception.BadDataException; +import pgp.certificate_store.exception.BadNameException; +import pgp.certificate_store.exception.NotAStoreException; public class SharedPGPCertificateDirectoryTest { @@ -54,7 +55,7 @@ public class SharedPGPCertificateDirectoryTest { private static Stream provideTestSubjects() throws IOException, NotAStoreException { return Stream.of( - PGPainlessCertD.fileBased(tempDir())); + PGPainlessCertD.fileBased(tempDir(), new InMemorySubkeyLookupFactory())); } private static File tempDir() throws IOException { diff --git a/version.gradle b/version.gradle index 90264e0..45efb59 100644 --- a/version.gradle +++ b/version.gradle @@ -12,7 +12,7 @@ allprojects { logbackVersion = '1.2.11' junitVersion = '5.8.2' mockitoVersion = '4.5.1' - pgpainlessVersion = '1.3.5-SNAPSHOT' + pgpainlessVersion = '1.3.5' pgpCertDJavaVersion = '0.1.2-SNAPSHOT' picocliVersion = '4.6.3' }